Latest CyberSec News by @thecyberpicker

GitHub compromise led to Drift data breach, impacting 22 companies and prompting Salesloft app suspension.

This week on the Lock and Code podcast, we speak with Emily Galvin-Almanza about predictive policing and whether it actually improves safety.

In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising maintainers' accounts in a phishing attack.

Dans un accord signé le 5 septembre 2025, Nintendo et le propriétaire d'un site de piratage de Switch ont mis fin à une bataille judiciaire entamée plus d'un an auparavant. Pour éviter une procédure qui aurait pu s’éterniser, le hacker a choisi d’accepter les conditions du géant japonais, auquel il doit désormais la

An investigation by Mandiant found the attack began months ago, leading to a major supply chain attack.

Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August.

Key Takeaways The intrusion began when a user downloaded and executed a malicious file impersonating DeskSoft’s EarthTime application but instead dropped SectopRAT malware. The threat actor d…

GPUGate malware uses Google Ads and fake GitHub commits to steal data from IT firms since Dec 2024, bypassing sandboxes and GPU-lacking systems.

Wealthsimple confirmed a third-party vendor data breach affecting roughly 30,000 customers

Nearly three-quarters of CIOs and CISOs see information complexity as an adoption roadblock, according to a Ponemon Institute study commissioned by OpenText.

Phishing campaign unveiled MostereRAT, targeting Windows systems with advanced evasion techniques

With WSUS deprecated, it's time to move from an outdated legacy patching system to a modern one. Learn from Action1 how its modern patching platform offers cloud-native speed, 3rd-party coverage, real-time compliance, and zero infrastructure. Try it free now!

Pour contrer les campagnes de désinformation orchestrées par des acteurs étrangers sur les réseaux sociaux, en particulier sur X, le ministère des Affaires étrangères a annoncé le lancement d’un compte officiel dédié à la riposte. Une initiative qui s’inscrit dans une stratégie de communication plus offensive de la

Noisy Bear hit KazMunaiGas in May 2025 via phishing emails, using Aeza Group hosting.

Cisco Talos found that abuse of remote services and remote access software are the most prevalent ‘pre-ransomware’ tactics deployed by threat actors

Continuous compliance is how modern teams stay secure, agile, and trusted. With the right systems in place, compliance stops being a burden.

Adobe breaks their regular patch schedule and will release an emergency fix for CVE-2025-54236 within the next 24 hours. Automated abuse is expected and merc...

Phishers are abusing Apple and Microsoft infrastructure to send out call-back phishing emails with legitimate sender and return addresses.

This week in cybersecurity from the editors at Cybercrime Magazine

Explore lessons learned from over two years of Talos IR pre-ransomware engagements, highlighting the key security measures, indicators and recommendations that have proven effective in stopping ransomware attacks before they begin.

Just a few months after Elon Musk’s retreat from his unofficial role leading the Department of Government Efficiency (DOGE), we have a clearer picture of his vision of government powered by artificial intelligence, and it has a lot more to do with consolidating power than benefitting the public. Even so, we must not lose sight of the fact that a different administration could wield the same technology to advance a more positive future for AI in government. To most on the American left, the DOGE end game is a dystopic vision of a government run by machines that benefits an elite few at the expense of the people. It includes AI ...

Palo Alto Networks, Cloudflare and Zscaler were also among confirmed victims of the attack

From Drift chaos to zero-days on the loose — this week’s cyber recap has it all. ⚡ Stay sharp, stay patched.

Security researchers have discovered a new malicious campaign impacting hundreds of GitHub users

Venezuela’s President Maduro shows Huawei Mate X6 gift from China's President Xi Jinping, hailing it as “unhackable” by U.S. spies.

Le 3 septembre 2025, Nati Tal, directeur de Guardio Labs, a révélé sur X le mode opératoire d'une nouvelle menace cyber appelée « Grokking ». Une attaque où l’IA du réseau social, Grok, est exploitée pour contourner la sécurité et diffuser des liens malveillants auprès de millions d'utilisateurs. Les mesures prises

North Korean hiring fraud surged 220% in 2023, using AI deepfakes to infiltrate companies and steal data.

Critical SAP S/4HANA vulnerability CVE-2025-42957 is being exploited in the wild

A list of topics we covered in the week of September 1 to September 7 of 2025

ChatGPT's Projects feature is now feature and second new feature allows you to create new conversations from existing conversations.